Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/boltdb_state_internal.go | 11 | ||||
-rw-r--r-- | libpod/container.go | 13 | ||||
-rw-r--r-- | libpod/container_internal_linux.go | 2 | ||||
-rw-r--r-- | libpod/events.go | 6 | ||||
-rw-r--r-- | libpod/info.go | 9 | ||||
-rw-r--r-- | libpod/oci.go | 4 | ||||
-rw-r--r-- | libpod/options.go | 11 | ||||
-rw-r--r-- | libpod/pod_api.go | 5 | ||||
-rw-r--r-- | libpod/runtime.go | 44 | ||||
-rw-r--r-- | libpod/runtime_ctr.go | 5 | ||||
-rw-r--r-- | libpod/runtime_volume_linux.go | 12 | ||||
-rw-r--r-- | libpod/util.go | 10 | ||||
-rw-r--r-- | libpod/util_linux.go | 21 | ||||
-rw-r--r-- | libpod/util_unsupported.go | 6 |
14 files changed, 115 insertions, 44 deletions
diff --git a/libpod/boltdb_state_internal.go b/libpod/boltdb_state_internal.go
index 936ccbf4c..b6a0759b1 100644
--- a/libpod/boltdb_state_internal.go
+++ b/libpod/boltdb_state_internal.go
@@ -6,6 +6,7 @@ import ( "strings" "github.com/boltdb/bolt" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/storage" "github.com/pkg/errors" "github.com/sirupsen/logrus"
@@ -95,22 +96,26 @@ func checkRuntimeConfig(db *bolt.DB, rt *Runtime) error { return err } + storeOpts, err := storage.DefaultStoreOptions(rootless.IsRootless(), rootless.GetRootlessUID()) + if err != nil { + return err + } if err := validateDBAgainstConfig(configBkt, "storage temporary directory (runroot)", rt.config.StorageConfig.RunRoot, runRootKey, - storage.DefaultStoreOptions.RunRoot); err != nil { + storeOpts.RunRoot); err != nil { return err } if err := validateDBAgainstConfig(configBkt, "storage graph root directory (graphroot)", rt.config.StorageConfig.GraphRoot, graphRootKey, - storage.DefaultStoreOptions.GraphRoot); err != nil { + storeOpts.GraphRoot); err != nil { return err } if err := validateDBAgainstConfig(configBkt, "storage graph driver", rt.config.StorageConfig.GraphDriverName, graphDriverKey, - storage.DefaultStoreOptions.GraphDriverName); err != nil { + storeOpts.GraphDriverName); err != nil { return err }
diff --git a/libpod/container.go b/libpod/container.go
index 806e75c63..6d80a9bf4 100644
--- a/libpod/container.go
+++ b/libpod/container.go
@@ -17,7 +17,6 @@ import ( "github.com/cri-o/ocicni/pkg/ocicni" spec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" - "github.com/ulule/deepcopier" ) // ContainerStatus represents the current state of a container
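Review bot: The new `return err` after `storage.DefaultStoreOptions(...)` in checkRuntimeConfig passes a bare containers/storage error up with no hint that it arose while validating the state database against the runtime config. `return errors.Wrap(err, "error retrieving default storage options")` would match the wrapping newRuntimeFromConfig applies to the same call in runtime.go, and pkg/errors is already imported by this file per the import hunk above. checkRuntimeConfig's body starts and ends outside the hunk.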
@@ -407,7 +406,9 @@ func (t ContainerStatus) String() string { // Config returns the configuration used to create the container func (c *Container) Config() *ContainerConfig { returnConfig := new(ContainerConfig) - deepcopier.Copy(c.config).To(returnConfig) + if err := JSONDeepCopy(c.config, returnConfig); err != nil { + return nil + } return returnConfig }
@@ -417,7 +418,9 @@ func (c *Container) Config() *ContainerConfig { // spec may differ slightly as mounts are added based on the image func (c *Container) Spec() *spec.Spec { returnSpec := new(spec.Spec) - deepcopier.Copy(c.config.Spec).To(returnSpec) + if err := JSONDeepCopy(c.config.Spec, returnSpec); err != nil { + return nil + } return returnSpec }
@@ -1094,7 +1097,9 @@ func (c *Container) ContainerState() (*ContainerState, error) { } } returnConfig := new(ContainerState) - deepcopier.Copy(c.state).To(returnConfig) + if err := JSONDeepCopy(c.state, returnConfig); err != nil { + return nil, errors.Wrapf(err, "error copying container %s state", c.ID()) + } return c.state, nil }
diff --git a/libpod/container_internal_linux.go b/libpod/container_internal_linux.go
index 02f8d6aa4..23de1aa01 100644
--- a/libpod/container_internal_linux.go
+++ b/libpod/container_internal_linux.go
@@ -820,7 +820,7 @@ func (c *Container) makeBindMounts() error { } // Add Secret Mounts - secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.DefaultMountsFile, c.state.DestinationRunDir, c.RootUID(), c.RootGID()) + secretMounts := secrets.SecretMountsWithUIDGID(c.config.MountLabel, c.state.RunDir, c.runtime.config.DefaultMountsFile, c.state.DestinationRunDir, c.RootUID(), c.RootGID(), rootless.IsRootless()) for _, mount := range secretMounts { if _, ok := c.state.BindMounts[mount.Destination]; !ok { c.state.BindMounts[mount.Destination] = mount.Source
diff --git a/libpod/events.go b/libpod/events.go
index 139600982..b6a277789 100644
--- a/libpod/events.go
+++ b/libpod/events.go
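Review bot: In Config() and Spec() a failed JSONDeepCopy now returns nil, which every caller that dereferences the result turns into a nil-pointer panic, whereas the deepcopier call it replaces had no failure path at all. The contract should at least be stated in the doc comments, e.g. `// Config returns a copy of the configuration used to create the container, or nil if the copy could not be made.`, and the dropped error is worth logging so the cause is not lost. Note also that encoding/json copies only exported fields that are not tagged `json:"-"`, so any such field on ContainerConfig or the runtime spec would be silently zeroed in the copy; presumably there are none, but that is worth confirming.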
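Review bot: ContainerState still ends with `return c.state, nil`, so the deep copy it has just made into returnConfig is discarded and the caller receives the container's live internal state, which is exactly what the copy exists to prevent. The return should be `return returnConfig, nil`. The function begins outside the hunk.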
@@ -58,6 +58,10 @@ func (v *Volume) newVolumeEvent(status events.Status) { // Events is a wrapper function for everyone to begin tailing the events log // with options func (r *Runtime) Events(fromStart, stream bool, options []events.EventFilter, eventChannel chan *events.Event) error { + if !r.valid { + return ErrRuntimeStopped + } + t, err := r.getTail(fromStart, stream) if err != nil { return err
@@ -71,7 +75,7 @@ func (r *Runtime) Events(fromStart, stream bool, options []events.EventFilter, e case events.Image, events.Volume, events.Pod, events.Container: // no-op default: - return errors.Errorf("event type %s is not valid in %s", event.Type.String(), r.GetConfig().EventsLogFilePath) + return errors.Errorf("event type %s is not valid in %s", event.Type.String(), r.config.EventsLogFilePath) } include := true for _, filter := range options {
diff --git a/libpod/info.go b/libpod/info.go
index 62088b730..b42f64a1f 100644
--- a/libpod/info.go
+++ b/libpod/info.go
@@ -13,8 +13,8 @@ import ( "github.com/containers/buildah" "github.com/containers/libpod/pkg/rootless" - "github.com/containers/libpod/pkg/util" "github.com/containers/libpod/utils" + "github.com/containers/storage" "github.com/containers/storage/pkg/system" "github.com/pkg/errors" )
@@ -116,12 +116,17 @@ func (r *Runtime) hostInfo() (map[string]interface{}, error) { func (r *Runtime) storeInfo() (map[string]interface{}, error) { // lets say storage driver in use, number of images, number of containers info := map[string]interface{}{} - info["ConfigFile"] = util.StorageConfigFile() info["GraphRoot"] = r.store.GraphRoot() info["RunRoot"] = r.store.RunRoot() info["GraphDriverName"] = r.store.GraphDriverName() info["GraphOptions"] = r.store.GraphOptions() info["VolumePath"] = r.config.VolumePath + + configFile, err := storage.DefaultConfigFile(rootless.IsRootless()) + if err != nil { + return nil, err + } + info["ConfigFile"] = configFile statusPairs, err := r.store.Status() if err != nil { return nil, err
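Review bot: The new `if !r.valid` check at the top of Events reads r.valid without holding r.lock, while GetConfig in runtime.go (in this same diff) reads the same flag under `r.lock.RLock()`, so a concurrent Shutdown races with this check. Because Events goes on to tail the log, holding the read lock for its whole duration is undesirable; take a snapshot instead — `r.lock.RLock()`, `valid := r.valid`, `r.lock.RUnlock()` — and test `valid`. Events' body continues past the hunk.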
diff --git a/libpod/oci.go b/libpod/oci.go
index 69cff6d3c..b25175b9d 100644
--- a/libpod/oci.go
+++ b/libpod/oci.go
@@ -325,8 +325,8 @@ func (r *OCIRuntime) createOCIContainer(ctr *Container, cgroupParent string, res cmd.Env = append(r.conmonEnv, fmt.Sprintf("_OCI_SYNCPIPE=%d", 3)) cmd.Env = append(cmd.Env, fmt.Sprintf("_OCI_STARTPIPE=%d", 4)) cmd.Env = append(cmd.Env, fmt.Sprintf("XDG_RUNTIME_DIR=%s", runtimeDir)) - cmd.Env = append(cmd.Env, fmt.Sprintf("_LIBPOD_USERNS_CONFIGURED=%s", os.Getenv("_LIBPOD_USERNS_CONFIGURED"))) - cmd.Env = append(cmd.Env, fmt.Sprintf("_LIBPOD_ROOTLESS_UID=%s", os.Getenv("_LIBPOD_ROOTLESS_UID"))) + cmd.Env = append(cmd.Env, fmt.Sprintf("_CONTAINERS_USERNS_CONFIGURED=%s", os.Getenv("_CONTAINERS_USERNS_CONFIGURED"))) + cmd.Env = append(cmd.Env, fmt.Sprintf("_CONTAINERS_ROOTLESS_UID=%s", os.Getenv("_CONTAINERS_ROOTLESS_UID"))) cmd.Env = append(cmd.Env, fmt.Sprintf("HOME=%s", os.Getenv("HOME"))) if r.reservePorts && !ctr.config.NetMode.IsSlirp4netns() {
diff --git a/libpod/options.go b/libpod/options.go
index 14c21815f..55a0c0999 100644
--- a/libpod/options.go
+++ b/libpod/options.go
@@ -9,6 +9,7 @@ import ( "github.com/containers/image/manifest" "github.com/containers/libpod/pkg/namespaces" + "github.com/containers/libpod/pkg/rootless" "github.com/containers/storage" "github.com/containers/storage/pkg/idtools" "github.com/cri-o/ocicni/pkg/ocicni"
@@ -82,11 +83,15 @@ func WithStorageConfig(config storage.StoreOptions) RuntimeOption { // or graphdriveroptions are set, then GraphRoot and RunRoot // must be set if setField { + storeOpts, err := storage.DefaultStoreOptions(rootless.IsRootless(), rootless.GetRootlessUID()) + if err != nil { + return err + } if rt.config.StorageConfig.GraphRoot == "" { - rt.config.StorageConfig.GraphRoot = storage.DefaultStoreOptions.GraphRoot + rt.config.StorageConfig.GraphRoot = storeOpts.GraphRoot } if rt.config.StorageConfig.RunRoot == "" { - rt.config.StorageConfig.RunRoot = storage.DefaultStoreOptions.RunRoot + rt.config.StorageConfig.RunRoot = storeOpts.RunRoot } }
@@ -925,7 +930,7 @@ func WithNetNS(portMappings []ocicni.PortMapping, postConfigureNetNS bool, netmo ctr.config.PostConfigureNetNS = postConfigureNetNS ctr.config.NetMode = namespaces.NetworkMode(netmode) - ctr.config.CreateNetNS = !ctr.config.NetMode.IsUserDefined() + ctr.config.CreateNetNS = true ctr.config.PortMappings = portMappings ctr.config.Networks = networks
diff --git a/libpod/pod_api.go b/libpod/pod_api.go
index b9a11000e..9a6baf23e 100644
--- a/libpod/pod_api.go
+++ b/libpod/pod_api.go
@@ -6,7 +6,6 @@ import ( "github.com/containers/libpod/libpod/events" "github.com/pkg/errors" "github.com/sirupsen/logrus" - "github.com/ulule/deepcopier" ) // Start starts all containers within a pod
@@ -441,7 +440,9 @@ func (p *Pod) Inspect() (*PodInspect, error) { infraContainerID := p.state.InfraContainerID config := new(PodConfig) - deepcopier.Copy(p.config).To(config) + if err := JSONDeepCopy(p.config, config); err != nil { + return nil, err + } inspectData := PodInspect{ Config: config, State: &PodInspectState{
diff --git a/libpod/runtime.go b/libpod/runtime.go
index b3b75d791..f7b166513 100644
--- a/libpod/runtime.go
+++ b/libpod/runtime.go
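Review bot: `ctr.config.CreateNetNS = true` in WithNetNS drops the `!ctr.config.NetMode.IsUserDefined()` condition, so a container whose NetMode is user-defined will now also be flagged for network-namespace creation; nothing else in this diff touches network setup, and the change is unrelated to the storage-defaults and deepcopier work around it. If it is intended it needs a comment on that line explaining why a user-defined net mode still requires CreateNetNS (for now `// TODO(review): explain why CreateNetNS is unconditional for user-defined net modes`), and otherwise the old condition should be restored. WithNetNS's closure begins before the hunk.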
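Review bot: Inspect returns the JSONDeepCopy failure bare (`return nil, err`), whereas the equivalent copies in ContainerState and newContainer in this diff wrap theirs with what was being copied; `return nil, errors.Wrap(err, "error copying pod config")` keeps the style consistent, and pkg/errors is already imported here per the import hunk. Inspect's body continues outside the hunk.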
@@ -23,7 +23,6 @@ import ( "github.com/docker/docker/pkg/namesgenerator" "github.com/pkg/errors" "github.com/sirupsen/logrus" - "github.com/ulule/deepcopier" ) // RuntimeStateStore is a constant indicating which state store implementation
@@ -249,11 +248,16 @@ type runtimeConfiguredFrom struct { noPivotRoot bool } -var ( - defaultRuntimeConfig = RuntimeConfig{ +func defaultRuntimeConfig() (RuntimeConfig, error) { + storeOpts, err := storage.DefaultStoreOptions(rootless.IsRootless(), rootless.GetRootlessUID()) + if err != nil { + return RuntimeConfig{}, err + } + + return RuntimeConfig{ // Leave this empty so containers/storage will use its defaults StorageConfig: storage.StoreOptions{}, - VolumePath: filepath.Join(storage.DefaultStoreOptions.GraphRoot, "volumes"), + VolumePath: filepath.Join(storeOpts.GraphRoot, "volumes"), ImageDefaultTransport: DefaultTransport, StateType: BoltDBStateStore, OCIRuntime: "runc",
@@ -282,7 +286,7 @@ var ( }, InitPath: DefaultInitPath, CgroupManager: SystemdCgroupsManager, - StaticDir: filepath.Join(storage.DefaultStoreOptions.GraphRoot, "libpod"), + StaticDir: filepath.Join(storeOpts.GraphRoot, "libpod"), TmpDir: "", MaxLogSize: -1, NoPivotRoot: false,
@@ -293,8 +297,8 @@ var ( EnablePortReservation: true, EnableLabeling: true, NumLocks: 2048, - } -) + }, nil +} func getDefaultTmpDir() (string, error) { if !rootless.IsRootless() {
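Review bot: defaultRuntimeConfig is a new function with no doc comment, and since it can now fail the reason deserves stating: `// defaultRuntimeConfig builds the built-in RuntimeConfig; VolumePath and StaticDir are derived from the containers/storage defaults for the current rootless/root UID, so an error from storage.DefaultStoreOptions is returned instead of a config.` The error itself is returned unwrapped, which loses that context — `errors.Wrap(err, "error retrieving default storage options")` would follow the wrapping used in newRuntimeFromConfig, and pkg/errors is visible in this file's import hunk.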
@@ -355,10 +359,17 @@ func newRuntimeFromConfig(userConfigPath string, options ...RuntimeOption) (runt if err != nil { return nil, err } - deepcopier.Copy(defaultRuntimeConfig).To(runtime.config) + + defRunConf, err := defaultRuntimeConfig() + if err != nil { + return nil, err + } + if err := JSONDeepCopy(defRunConf, runtime.config); err != nil { + return nil, errors.Wrapf(err, "error copying runtime default config") + } runtime.config.TmpDir = tmpDir - storageConf, err := util.GetDefaultStoreOptions() + storageConf, err := storage.DefaultStoreOptions(rootless.IsRootless(), rootless.GetRootlessUID()) if err != nil { return nil, errors.Wrapf(err, "error retrieving storage config") }
@@ -507,7 +518,10 @@ func newRuntimeFromConfig(userConfigPath string, options ...RuntimeOption) (runt } if rootlessConfigPath != "" { // storage.conf - storageConfFile := util.StorageConfigFile() + storageConfFile, err := storage.DefaultConfigFile(rootless.IsRootless()) + if err != nil { + return nil, err + } if _, err := os.Stat(storageConfFile); os.IsNotExist(err) { if err := util.WriteStorageConfigFile(&runtime.config.StorageConfig, storageConfFile); err != nil { return nil, errors.Wrapf(err, "cannot write config file %s", storageConfFile)
@@ -923,20 +937,22 @@ func makeRuntime(runtime *Runtime) (err error) { } // GetConfig returns a copy of the configuration used by the runtime -func (r *Runtime) GetConfig() *RuntimeConfig { +func (r *Runtime) GetConfig() (*RuntimeConfig, error) { r.lock.RLock() defer r.lock.RUnlock() if !r.valid { - return nil + return nil, ErrRuntimeStopped } config := new(RuntimeConfig) // Copy so the caller won't be able to modify the actual config - deepcopier.Copy(r.config).To(config) + if err := JSONDeepCopy(r.config, config); err != nil { + return nil, errors.Wrapf(err, "error copying config") + } - return config + return config, nil } // Shutdown shuts down the runtime and associated containers and storage
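Review bot: newRuntimeFromConfig calls `storage.DefaultStoreOptions(rootless.IsRootless(), rootless.GetRootlessUID())` for storageConf immediately after defaultRuntimeConfig() has computed the very same options to derive VolumePath and StaticDir, so the defaults are resolved twice, and if the two calls could ever disagree the volume and static directories would not sit under the GraphRoot actually used for storage. Having defaultRuntimeConfig return (or accept) the StoreOptions so one result feeds both would remove that possibility. Separately, `errors.Wrapf(err, "error copying runtime default config")` has no format arguments, so `errors.Wrap` is the intended call (the same applies to the "error copying config" line in GetConfig). The function continues outside the hunk.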
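Review bot: Changing GetConfig to return `(*RuntimeConfig, error)` breaks every caller that dereferences its result directly; this diff fixes the one in events.go, but the diffstat is limited to libpod, so callers in the rest of the tree presumably still need updating. The doc comment should also say what the new error means, e.g. `// GetConfig returns a copy of the configuration used by the runtime. It returns ErrRuntimeStopped once the runtime has been shut down.`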
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index f23dc86dd..7c39d8ced 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -19,7 +19,6 @@ import ( opentracing "github.com/opentracing/opentracing-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" - "github.com/ulule/deepcopier" ) // CtrRemoveTimeout is the default number of seconds to wait after stopping a container
@@ -63,7 +62,9 @@ func (r *Runtime) newContainer(ctx context.Context, rSpec *spec.Spec, options .. ctr.config.ID = stringid.GenerateNonCryptoID() ctr.config.Spec = new(spec.Spec) - deepcopier.Copy(rSpec).To(ctr.config.Spec) + if err := JSONDeepCopy(rSpec, ctr.config.Spec); err != nil { + return nil, errors.Wrapf(err, "error copying runtime spec while creating container") + } ctr.config.CreatedTime = time.Now() ctr.config.ShmSize = DefaultShmSize
diff --git a/libpod/runtime_volume_linux.go b/libpod/runtime_volume_linux.go
index b51bb8213..5767a99e7 100644
--- a/libpod/runtime_volume_linux.go
+++ b/libpod/runtime_volume_linux.go
@@ -10,7 +10,6 @@ import ( "github.com/containers/libpod/libpod/events" "github.com/containers/storage/pkg/stringid" - "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" "github.com/sirupsen/logrus" )
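Review bot: `JSONDeepCopy(rSpec, ctr.config.Spec)` does not reject a nil rSpec: json.Marshal of a nil pointer produces `null`, and unmarshalling `null` into the freshly allocated Spec is a no-op, so the container would be created with an empty runtime spec and no error. A guard before the copy, `if rSpec == nil { return nil, errors.New("must provide a runtime spec to create a container") }`, keeps that failure explicit; pkg/errors is imported by this file per the import hunk. newContainer begins and ends outside the hunk.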
@@ -56,15 +55,8 @@ func (r *Runtime) newVolume(ctx context.Context, options ...VolumeCreateOption) if err := os.MkdirAll(fullVolPath, 0755); err != nil { return nil, errors.Wrapf(err, "error creating volume directory %q", fullVolPath) } - _, mountLabel, err := label.InitLabels([]string{}) - if err != nil { - return nil, errors.Wrapf(err, "error getting default mountlabels") - } - if err := label.ReleaseLabel(mountLabel); err != nil { - return nil, errors.Wrapf(err, "error releasing label %q", mountLabel) - } - if err := label.Relabel(fullVolPath, mountLabel, true); err != nil { - return nil, errors.Wrapf(err, "error setting selinux label to %q", fullVolPath) + if err := LabelVolumePath(fullVolPath, true); err != nil { + return nil, err } volume.config.MountPoint = fullVolPath
diff --git a/libpod/util.go b/libpod/util.go
index b7578135a..7e2dff21a 100644
--- a/libpod/util.go
+++ b/libpod/util.go
@@ -187,3 +187,13 @@ func validPodNSOption(p *Pod, ctrPod string) error { } return nil } + +// JSONDeepCopy performs a deep copy by performing a JSON encode/decode of the +// given structures. From and To should be identically typed structs. +func JSONDeepCopy(from, to interface{}) error { + tmp, err := json.Marshal(from) + if err != nil { + return err + } + return json.Unmarshal(tmp, to) +}
diff --git a/libpod/util_linux.go b/libpod/util_linux.go
index 30e2538c3..a801df2ee 100644
--- a/libpod/util_linux.go
+++ b/libpod/util_linux.go
@@ -9,6 +9,7 @@ import ( "github.com/containerd/cgroups" "github.com/containers/libpod/pkg/util" spec "github.com/opencontainers/runtime-spec/specs-go" + "github.com/opencontainers/selinux/go-selinux/label" "github.com/pkg/errors" "github.com/sirupsen/logrus" )
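Review bot: The JSONDeepCopy doc comment should spell out the limits of a JSON round trip, since the helper replaces a reflection-based copier throughout the package: only exported fields without a `json:"-"` tag survive, values encoding/json cannot encode (channels, funcs, NaN/Inf floats) make Marshal fail, and because json.Unmarshal merges into an existing value, fields of `to` that are absent from the encoded `from` keep whatever they already held. A sentence such as `// to must be a non-nil pointer, ideally freshly allocated; fields encoding/json does not serialise (unexported or tagged json:"-") are not copied.` covers the practical cases. The hunk adds no import for encoding/json, so `json` is presumably already in scope in util.go.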
@@ -91,3 +92,23 @@ func GetV1CGroups(excludes []string) cgroups.Hierarchy { return filtered, nil } } + +// LabelVolumePath takes a mount path for a volume and gives it an +// selinux label of either shared or not +func LabelVolumePath(path string, shared bool) error { + _, mountLabel, err := label.InitLabels([]string{}) + if err != nil { + return errors.Wrapf(err, "error getting default mountlabels") + } + if err := label.ReleaseLabel(mountLabel); err != nil { + return errors.Wrapf(err, "error releasing label %q", mountLabel) + } + if err := label.Relabel(path, mountLabel, shared); err != nil { + permString := "private" + if shared { + permString = "shared" + } + return errors.Wrapf(err, "error setting selinux label for %s to %q as %s", path, mountLabel, permString) + } + return nil +}
diff --git a/libpod/util_unsupported.go b/libpod/util_unsupported.go
index d598b465f..940006e69 100644
--- a/libpod/util_unsupported.go
+++ b/libpod/util_unsupported.go
@@ -21,3 +21,9 @@ func deleteSystemdCgroup(path string) error { func assembleSystemdCgroupName(baseSlice, newSlice string) (string, error) { return "", errors.Wrapf(ErrOSNotSupported, "cgroups are not supported on non-linux OSes") } + +// LabelVolumePath takes a mount path for a volume and gives it an +// selinux label of either shared or not +func LabelVolumePath(path string, shared bool) error { + return ErrNotImplemented +}
|
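Review bot: The LabelVolumePath doc comment ("gives it an selinux label of either shared or not") says neither what shared means nor why the label is released before it is applied, and that sequence — `label.InitLabels` reserves a fresh label pair, `label.ReleaseLabel` hands it back so the path does not pin a reserved MCS label, then `label.Relabel` applies it — is the non-obvious part. Suggested wording: `// LabelVolumePath applies the default SELinux mount label to path. With shared set the label is applied without a unique MCS category so several containers can use the volume; otherwise it is private to one.` The MCS detail reflects go-selinux's Relabel as I recall it, so confirm before committing to it; as far as I recall Relabel also walks everything beneath path, which is worth stating so callers pass only the volume root.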